mirror of
https://github.com/apple/swift.git
synced 2025-12-14 20:36:38 +01:00
* Fix NULL deref for invalid mangled input

  The `Qo` operator expects to consume a type name and a list (terminated with a `y` empty list marker) from the stack. After popping the list, it doesn't check whether the stack is empty, so `$syQo` crashes (it pops down to the `y` then tries to pop again). This PR just adds the obvious check to guard against this.

  Resolves rdar://63128307

* Audit Punycode implementation against RFC3492

  Fuzz tests have revealed some weaknesses in the error handling of our Punycode implementation used to mangle Unicode identifiers. A more detailed comparison of the implementation against the algorithm detailed in RFC3492 showed that most of the arithmetic overflow checks were omitted and the ones that were present were handled as success instead of failure. A typical example:

  RFC3492 algorithm:
  ```
  let w = w * (base - t), fail on overflow
  ```

  Original implementation:
  ```
  w = w * (base - t);
  ```

  Corrected implementation:
  ```
  if (w > std::numeric_limits<int>::max() / (base - t))
    return false;
  w = w * (base - t);
  ```

  Resolves rdar://63392615
10 KiB